Re: klibc 1.5.20 stable/oldstable update
On Mon, 2011-05-30 at 17:35 +0200, maximilian attems wrote:
> On Thu, 19 May 2011, Adam D. Barratt wrote:
> > On Wed, 2011-05-18 at 15:41 +0000, maximilian attems wrote:
> > > * [klibc] ipconfig: comment new escape function
> > > security fix for CVE-2011-0997 type vulnerability
> > > corresponding cve requested but not yet given out.
> > > http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=46a0f831582629612f0ff9707ad1292887f26bff
> > As mentioned on oss-sec, it would be nice if this didn't write to a
> > predictable filename. From the stable update point-of-view though, I
> > realise that's not a regression relative to the current lenny / squeeze
> > versions.
> It is not of relevance for current pre-init usage, as you don't have
> unprivileged users there, but it will get fixed upstream, by making the
> used dir an optional switch.
Thanks for the update.
> > > * [klibc] ipconfig: Only peek and discard packets from specified device.
> > > This fixes netbooting on boxes with several connected network dev.
> > > (the commit is on the largeish size, but got tested together with 1.5.20)
> > > http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=92823d1a78a8a6f3e7a7cc36f949ca6379c4e77c
> > >
> > >
> > > concerning oldstable only the first one should be fixed.
> > > ipconfig has deeper troubles there.
> > >
> > > if acked by SRM I'd upload a klibc-1.5.20-2 with just the 2 above fixes
> > > for stable and a 1.5.12-3 for oldstable with just the first fix?
> > I'd appreciate debdiffs for a final check before the uploads, but the
> > above sounds good; thanks.
> do you mean the below output of debdiff on the dsc files?
> the below is for stable, oldstable will follow once this is acked.
Something very much like that, yes. :-) Please go ahead with the stable
upload; thanks. (Ugh at the debian-changes auto-patch, but that's not
a regression from the current squeeze package, so never mind.)